Re: chroot named
From: Bill Vermillion (bill@wjv.com)
Date: 08/21/01
- Next message: Karsten W. Rohrbach: "Re: chroot named"
- Previous message: David Kirchner: "Re: chroot named"
- Maybe in reply to: Koji: "chroot named"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 21 Aug 2001 12:24:54 -0400 From: Bill Vermillion <bill@wjv.com> To: security@FreeBSD.ORG
On Tue, Aug 21, 2001 at 09:03:39AM -0700, security-digest thus sprach:
> chroot named
> Re: chroot named
> Date: Mon, 20 Aug 2001 23:18:42 +0200
> From: "Koji" <koji@ciberteca.com>
> Subject: chroot named
> Hi, i'm configuring named with chroot, but i have two questions.
> Is necesary the files ld-elf.so.1, libc.so.4, libutil.so.3 and
> named-xfer ? I have trying the named with and without this files
> and works correctly (two forms works correctly ). what are the
> files indispensables really?
> What are the best perms for /etc/namedb/chroot?
> chown -R bind:bind /etc/namedb/chroot
> chmod -R 750 /etc/namedb/chroot
> (handbook's documentation, all files)
> or
> chown -R bind:bind /etc/namedb/chroot/etc/namedb/s
> chmod -R 750 /etc/namedb/chroot/etc/namedb/s
> (only domain configuration files)
What are the advantages of doing that versus the flag options
to named.
#named_flags="-u bind -g bind" # Flags for named
As in /etc/passwd we see this:
bind:*:53:53:Bind Sandbox:/:/sbin/nologin
I really am not sure, that's why I ask. What are the
advantages and disadvantatges of each approach.
-- Bill Vermillion - bv @ wjv . com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
- Next message: Karsten W. Rohrbach: "Re: chroot named"
- Previous message: David Kirchner: "Re: chroot named"
- Maybe in reply to: Koji: "chroot named"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
